Skip to main content
Privacy · mcp · 18 picks

Privacy-aware agent tools and configs

Resources that help teams review local files, credentials, logs, telemetry, and third-party access before adopting agent workflows.

Curated by @heyclaude-editors Updated 2026-07-18

Resources that help teams review local files, credentials, logs, telemetry, and third-party access before adopting agent workflows.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

1 trust signal differ across this comparison (Package trust).

Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.

Field

Build layered defenses against prompt injection, data exfiltration, and unsafe tool execution in AI agent systems.

Open dossier

Expert code-review capability pack for deterministic PR audits, risk-ranked findings, and low-noise fix planning without SaaS lock-in.

Open dossier

Build applications, analyze traffic, and manage security settings through Cloudflare

Open dossier

Expert EVM capability skill for secure contract architecture across Ethereum and Base, including Foundry testing and operational controls.

Open dossier

Build and harden Ethereum smart contracts with Foundry, invariant testing, and battle-tested OpenZeppelin security patterns.

Open dossier
Next stepsDiffers
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verified2026-04-10Package verified2026-04-11Package verifiedPackage verified2026-04-10Package verified2026-04-10
Source provenanceNo submission linkNo submission linkNo submission linkNo submission linkNo submission link
Submitter
Install riskLow riskLow riskLow riskLow riskLow risk
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandCloudflare logoCloudflare
Categoryskillsskillsmcpskillsskills
SourceFirst-partyFirst-partyFirst-partyFirst-partyFirst-party
AuthorJSONboredJSONboredCloudflareJSONboredJSONbored
Added2026-04-102026-04-112025-09-182026-04-102026-04-10
Platforms
Harness
Source repo
Safety notesTreat findings and generated mitigations as review inputs; validate suspected vulnerabilities and patches before changing production controls. Coordinate disclosure-sensitive security work privately and avoid running destructive probes outside authorized systems.Installs from a downloaded package and may run local commands or scaffold files as part of the workflow; review the package and any generated changes before applying.Use a least-privilege Cloudflare token because DNS, security, Worker, and deployment actions can affect production services.Do not deploy or transact from generated contract code without independent review, tests, and a dry run; smart contract mistakes can be irreversible. Use local forks or testnets before mainnet and keep deployment wallets and RPC credentials least-privileged.Do not deploy or transact from generated contract code without independent review, tests, and a dry run; smart contract mistakes can be irreversible. Use local forks or testnets before mainnet and keep deployment wallets and RPC credentials least-privileged.
Privacy notesSecurity prompts and reports can include source snippets, vulnerability details, internal URLs, dependency metadata, and operational context. Redact secrets, customer data, exploit details, private infrastructure names, and unreleased findings before sharing outputs publicly.Operates on your local project files and any context you share in the session; review what you expose before sharing — nothing is sent beyond the model unless a step calls an external service.Zone settings, analytics, logs, account identifiers, deployment metadata, and security configuration may be sent through model context.Prompts and reports can include contract source, audit findings, addresses, deployment config, and transaction context. Never paste private keys, seed phrases, unreleased exploit details, customer wallet data, or privileged RPC credentials into prompts.Prompts and reports can include contract source, audit findings, addresses, deployment config, and transaction context. Never paste private keys, seed phrases, unreleased exploit details, customer wallet data, or privileged RPC credentials into prompts.
Prerequisites
  • Agent flow that processes user input or external web/content data
  • Ability to add policy checks before tool execution
  • Test harness for adversarial prompt scenarios
  • Repository access and PR diff
  • Security severity policy
  • Test/lint/typecheck commands
  • Cloudflare account with active zones
  • Cloudflare API Token from https://dash.cloudflare.com/profile/api-tokens
  • Cloudflare Account ID (found in Cloudflare dashboard)
  • Node.js and npm/npx available for running the @cloudflare/mcp-server-cloudflare package
  • Solidity codebase and deployment scripts
  • Security requirements and risk tolerance
  • Testnet staging environment
  • Solidity project initialized with Foundry
  • Clear protocol/token specification
  • Target chain and deployment constraints
Install
curl -L https://heyclau.de/downloads/skills/prompt-injection-defense-guardrails.zip -o prompt-injection-defense-guardrails.zip && unzip -o prompt-injection-defense-guardrails.zip -d ./prompt-injection-defense-guardrails
curl -L https://heyclau.de/downloads/skills/coderabbit-lite-pr-review-capability-pack.zip -o coderabbit-lite-pr-review-capability-pack.zip && unzip -o coderabbit-lite-pr-review-capability-pack.zip -d ./coderabbit-lite-pr-review-capability-pack
claude mcp add cloudflare --env CLOUDFLARE_API_TOKEN=YOUR_TOKEN --env CLOUDFLARE_ACCOUNT_ID=YOUR_ACCOUNT_ID && claude mcp list
curl -L https://heyclau.de/downloads/skills/ethereum-base-smart-contract-security-capability-pack.zip -o ethereum-base-smart-contract-security-capability-pack.zip && unzip -o ethereum-base-smart-contract-security-capability-pack.zip -d ./ethereum-base-smart-contract-security-capability-pack
curl -L https://heyclau.de/downloads/skills/ethereum-solidity-security-foundry.zip -o ethereum-solidity-security-foundry.zip && unzip -o ethereum-solidity-security-foundry.zip -d ./ethereum-solidity-security-foundry
Config
{
  "mcpServers": {
    "cloudflare": {
      "env": {
        "CLOUDFLARE_API_TOKEN": "${CLOUDFLARE_API_TOKEN}",
        "CLOUDFLARE_ACCOUNT_ID": "${CLOUDFLARE_ACCOUNT_ID}"
      },
      "args": [
        "-y",
        "@cloudflare/mcp-server-cloudflare"
      ],
      "command": "npx",
      "type": "stdio"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
    Why it made the cut

    Prompt Injection Defense Guardrails Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  2. 02
    Why it made the cut

    Code Review Automation Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  3. 03
    Why it made the cut

    Cloudflare MCP Server - MCP Servers is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  4. 04
    Why it made the cut

    Ethereum Base Smart Contract Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  5. 05
    Why it made the cut

    Ethereum Solidity Security Foundry Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  6. 06
    Why it made the cut

    GitHub Actions Secure CI/CD Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  7. 07
    Why it made the cut

    MCP Server Authoring Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  8. 08
    Why it made the cut

    MCP Server Security Hardening Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  9. 09
    Why it made the cut

    n8n Production Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  10. 10
    Why it made the cut

    OpenClaw Agent Ops Hardening Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  11. 11
    Why it made the cut

    OpenClaw Operator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  12. 12
    Why it made the cut

    Socket MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  13. 13
    Why it made the cut

    Stytch MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  14. 14
    Why it made the cut

    AWS CloudTrail MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  15. 15
    Why it made the cut

    Dependency Security Audit is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  16. 16
    Why it made the cut

    Hardcoded Secret Pre-Write Guard Hook is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  17. 17
    Why it made the cut

    MCP Local Tool Access Rules is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  18. 18
    Why it made the cut

    Prompt-Injection Content Scanner - Claude Code Hook is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.